Home Technology Cybersecurity The Futility (And Hope) Of Cybersecurity In Today’s Organizations

The Futility (And Hope) Of Cybersecurity In Today’s Organizations

1506
Thumb1

Organizations continue to cast their unprotected and sensitive data around while spending millions on cybersecurity to keep it protected and contained. The result is a cybersecurity crisis that cripples individuals, companies and nations. One replaceable technology is most at fault.

Like Sisyphus of Greek mythology, organizations globally are trapped in a futile effort to secure their data and networks while continuing to distribute their most sensitive data with reckless abandon.

As the world grapples with a pandemic, organizations have increasingly been fighting a protracted and losing war against computer viruses. [1] Recent news informs us of a malicious file that can infect any Microsoft Windows machine, granting the cybercriminal remote access and there is currently no known fix. [2] So, what now? Just stare at our screens? Maybe just turn off our computers and pick up those needed groceries — hopefully the traffic system isn’t compromised. [3]

What we see play out every single day is the news of the lost battles — organizations, private and public, breached. Their data either stolen or locked up for ransom by powerful encryption, disrupting their operations, damaging reputations, stealing their precious intellectual property and costing millions to pick up the pieces. [4] Of course, we all pay as a society. Often it is the services we rely on that are disrupted and the data stolen is our data. [5] Organizations that could be spending precious resources on developing new cures, teaching our young or managing our critical infrastructure are forced to divert funds into a futile effort to defend and clean up, breach after breach.

At what point do we look outside of our box and notice that there are huge holes in our collective security strategies and that the fixes to these challenges are right in front of us?

Neo senses that things are not as they should be — The Matrix (1999). Does our continual state of data breach and system compromise seem “right”? Is this how it’s supposed to be?

The reality is that the cybercriminals have a fundamental advantage, an advantage so powerful that no amount of defense has proven truly effective. Like having the high ground, the topology of the digital battlefield favors the cybercriminals. That advantage is our stubborn reliance on a 1970s era technology for file sharing. The most common file sharing technology worldwide, by far, is a technology developed at a time when color television was beginning to overtake black and white, namely, the email attachment — and it’s killing us. In an age in which we are celebrating advances in artificial intelligence, internet of things and blockchain, we are sharing our precious data with the technological equivalent of an 8” floppy. As a result, with every file we send through email, we promote the most effective entry point to every one of our devices and the massive, unprotected and untraceable distribution of our data.

We don’t use 8″ floppies anymore, but we continue to use their technological peer — email attachments.

How can we possibly believe that we can protect ourselves while we throw our most sensitive data everywhere with total unprotected and untraceable abandon. We are truly our own worst enemies and the cybercrooks are laughing all the way to the bank.

What makes the current situation even more egregious, is that for years, a viable alternative to email attachments has been available. Cloud storage file share links from popular services like Box, Egnyte, MS One Drive, or Google Drive, are readily accessible to many workers. In some cases, even built into the most popular email services (O365, GSuite). File links provide a secure, efficient and purpose built means for sharing files through email. [6] Security features like encryption, authentication and access revocation, all missing with email attachments, are standard capabilities.

The most common file sharing technology worldwide, by far, is a technology developed at a time when color television was beginning to overtake black and white, namely, the email attachment — and it’s killing us.

The security benefits of file links over email attachments are many and immediate. Two key benefits are safe file preview and file containment.

Safe File Preview

File share links allow email recipients the ability to safely preview file content away from their devices. In the case of the aforementioned on-going and unpatched (as of this writing) Windows virus, remote preview wont expose the user’s device to the malicious code. From a safe distance, end users can determine if a particular file is relevant. No longer do they need to play email Russian roulette, open the file and hope that it doesn’t silently infect their device.

Data shows that, in a vast majority of cases, recipients don’t even need to download email attachments. Having the ability to preview, without download, meets the user’s requirements 88% of the time. Email attachment preview avoids attachment download and the concomitant dangers of file duplication, and malicious code execution — both problems posed by standard email attachment download. [7]

Spot the difference. The same file is rendered in Box preview (left) and in Word (right). Although the documents look identical, the difference is that the Word document on the right executed malicious code and infected the user’s computer, and from there, the entire organization. Box file preview (and cloud storage previewers in general) keeps malicious code away from local devices.

File Containment, Chain of Custody & Access Control

With a computer virus, like a biological virus, the ability to understand and trace the vector of an attack’s subsequent spread is critical to remediation. In the case of email attachments, the epidemiological / forensic effort made after a breach is incredibly difficult. Email attachments are unsecure and untraceable entities. Ascertaining which employees opened a malicious file attachment and tracing down the potential distribution of that file through email is an enormous undertaking because the email and its malicious file can be on any users’ multiple devices. Because the attached file is a self contained delivery mechanism, to defend the organization, every device must be protected or every copy of the email be found, prior to end user access. Given that for every worker, email attachments create a data sprawl problem of more than 55,000 file duplicates per year — no wonder the house is always on fire. [6]

Standard email attachments (with their potentially malicious payload) are duplicated with every email recipient and device. Files shared as file links point to a single origin despite message replication.

Files that are delivered as email attachments do not self-replicate like standard email attachments do. By definition, a file link points back to a single file in a single location. Shutting down distribution of the malicious file becomes trivial by comparison, simply deny access to the file either through cloud storage access controls or firewall policy. Furthermore, cloud storage systems provide detailed audit records of who accessed and when — aka “chain of custody”. From this information, a detailed map of potential “infection” serves as the epidemiological data needed to take targeted and effective counter measures.

John Snow’s map of London, 1845. Size of red circles represent number of Cholera cases and blue pumps represent well locations [source: Data Reimagined]. Cloud storage file links provide the critical data needed to disrupt computer viral infections. Standard email attachments offer no tracking from which to map exposure.

Adoption: getting workers to use cloud storage file links

The vital advantages of sharing files through cloud storage file links are many and quantified. [6, 8, 9] But user adoption of sending file links rather than email attachments requires changing long held habits. The good news is that the ability to generate cloud storage links in email is becoming part and parcel of the most popular email applications, namely, Microsoft Outlook and Google Gmail. For even greater automation, technologies like Symantec’s Email Threat Isolation and mxHero’s Mail2Cloud platform ensure the email attachments are automatically uploaded to cloud storage for safe preview and secure delivery. These solutions work uniformly across every user device while requiring no end user involvement.

Solutions like mxHero’s Mail2Cloud can ensure automatic safe removal and preview of potentially malicious email attachments by leveraging popular cloud storage services. No end user action is required and these services work across all devices without software installation.

Closing

Email attachments are no longer adequate for today’s needs. Fifty years ago, the designers of email did not anticipate state sponsored espionage or the mass digitization of today’s workplace. Email is the modern inheritor of the letter, a role it serves so well that it has held its place as the primary means of communication on the Internet since the networks inception. But not all parts have adapted well to the realities of the current cyber landscape. Email attachments, for decades, have presented limitations and threats that increasingly create an unnecessary burden on society by threatening our individual privacy, diminishing the competitiveness of our industries, the security of our nation and even the health of our planet. [1, 9] With the rapid rise and adoption of cloud content storage, the modern alternative to email attachments has arrived. Now is time to say, “no” to email attachments and stop endlessly pushing the boulder up the hill.

Sources

  1. USA Cybersecurity Solarium Report, March 2020
Previous article3 Reasons Why Your Business Needs VR Marketing Today
Next articleAn Anecdote of Averages!
Alex Panagides
Alex Panagides is a well-known email technology pioneer and the founder and chief executive officer of mxHero, a Silicon Valley start-up providing cutting-edge solutions to support and enhance email for all, Alex launched mxHero in 2012 alongside a highly skilled team to improve email issues that companies face on a day-to-day basis, such as the increased volume and size of emails, virus and security threats, and global accessibility. The mxHero team is continually innovating to address email and data storage challenges for businesses and individuals. Alex had previously co-founded one of today’s leading email technology companies in Brazil, Inova International Inc. that grew to serve government agencies, telecom providers and multi-nationals among other organizations in the region. In addition to his work as an IT specialist with a mind for solving real-world problems related to email pain points, Alex has also served as a consultant to the World Bank in Washington D.C. and Brazil. In all, Alex brings more than 25 years of technical, operational, and managerial leadership and vision to mxHero establishing partnerships with today’s leading companies including Google, Box, Dropbox, Microsoft and Citrix.

LEAVE A REPLY

Please enter your comment!
Please enter your name here